On Mon, May 05, 2008 at 11:27:59AM -0500, Charles Duffy wrote:
> Per subject. I don't understand what the client is waiting for --
> according to 'ls' with debug set, every packet sent has received a
> response. Could the unhandled 'env' requests be related?
I suspect the server sends truncated replies. Please try this patch
(against 3.7.2 version).
--
Alexander.
Index: SFtp.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/SFtp.cc,v
retrieving revision 1.78
diff -u -p -r1.78 SFtp.cc
--- SFtp.cc 8 Apr 2008 19:35:11 -0000 1.78
+++ SFtp.cc 7 May 2008 07:41:53 -0000
@@ -388,7 +388,12 @@ void SFtp::Packet::PackString(Buffer *b,
SFtp::unpack_status_t SFtp::Packet::UnpackString(const Buffer *b,int
*offset,int limit,xstring *str_out)
{
if(limit-*offset<4)
- return b->Eof()?UNPACK_PREMATURE_EOF:UNPACK_NO_DATA_YET;
+ {
+ // We unpack strings when we have already received complete packet,
+ // so it is not possible to receive any more data.
+ LogError(2,"bad string in reply (truncated length field)");
+ return UNPACK_WRONG_FORMAT;
+ }
int len=b->UnpackUINT32BE(*offset);
if(len>limit-*offset-4)
@@ -441,8 +446,8 @@ SFtp::unpack_status_t SFtp::Packet::Unpa
SFtp::unpack_status_t SFtp::UnpackPacket(Buffer *b,SFtp::Packet **p)
{
- *p=0;
Packet *&pp=*p;
+ pp=0;
Packet probe;
unpack_status_t res=probe.Unpack(b);
@@ -517,8 +522,8 @@ SFtp::unpack_status_t SFtp::UnpackPacket
;
}
probe.DropData(b);
- delete *p;
- *p=0;
+ delete pp;
+ pp=0;
}
return res;
}
@@ -1851,9 +1856,19 @@ SFtp::unpack_status_t SFtp::Reply_STATUS
UNPACK32(code);
if(protocol_version>=3)
{
+ if(unpacked>=limit)
+ {
+ LogError(2,"Status reply lacks `error message' field");
+ return UNPACK_SUCCESS;
+ }
res=Packet::UnpackString(b,offset,limit,&message);
if(res!=UNPACK_SUCCESS)
return res;
+ if(unpacked>=limit)
+ {
+ LogError(2,"Status reply lacks `language tag' field");
+ return UNPACK_SUCCESS;
+ }
res=Packet::UnpackString(b,offset,limit,&language);
if(res!=UNPACK_SUCCESS)
return res;
